Unshakeable Salt is an Information Security company and everything we do is wrapped by our mantras of ‘Privacy by Design’ and ‘Privacy by Default’. This means we do our best to ensure that we are only capturing the minimal amount of personal information required for our business to operate. We are publishing this Privacy Notice so our customers, clients and suppliers are informed about what we hold, why we hold it and how you can enact your rights under the Data Protection Act.
This Privacy Notice has been updated to reflect your rights under the EU General Data Protection Regulation effective from 25th May 2018. This regulation supersedes the Data Protection Act of 1988 and will form the basis of the Data Protection Act 2018.
The categories of this information that we collect, process, hold and share includes:
- personal information (such as name, email address, postal address and phone number) of customers with whom we have a business contract.
Why we collect and use this information
We this information for:
- Regulatory compliance with the HMRC for tax records
- For communication with our clients during the delivery of services
- For the raising and processing of quotations, timesheets and invoices
The lawful basis on which we use this information
We collect and use this information under the requirements stated by the HMRC and UK Government:
Collecting this information
Whilst the majority of personal information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
Storing this information
Our data retention policy is to store financial and tax related records for 6 complete tax years + the current tax year. i.e. up to 7 years.
In addition to this, we use anonymisation and pseudo-anonymisation tools to reduce personal information held in our systems 1 year after a client/customer/contact last had an active contract. An example of this is removing or masking names and addresses from our contacts database, but retaining a customer number such that we can still identify tax records.
Who we share this information with
We do not share this information with other companies, but our third-party solicitors and accounting firms do have access to financial records. As UK law requires invoices to contain items such as name & address, these companies do have restricted access to some personal information.
Your rights and requesting access to your personal data
Under data protection legislation, you have the following rights;
- The right to be informed
Businesses must provide ‘fair, transparent processing information’ to individuals, which we are providing through this data privacy notice.
- The right of access
Every individual has the right to access their personal data. Any individual can make a Data Subject Access Request (DSAR) to our Data Protection Officer who is listed below.
- The right of rectification
Information must be accurate. Anyone can request to have personal data rectified if it is incorrect or incomplete. If we are using incorrect details for you, please do send us a correction via email to the address below.
- The right to erase
Also known as the ’Right to be forgotten’. An individual can request for their personal data held to be destroyed when there is no compelling reason for its continued processing.
- The right to restrict processing
An individual has the right to block the processing of personal information
- The right to data portability
An individual can obtain and reuse their personal data for their own purposes. Where requested, we provide individuals data in a machine-readable format so that other organisations can use it.
- The right to object
Individuals have the right to objects at any time to the processing of their personal data, including profiling. Unshakeable Salt Ltd does not perform profiling or use personal information for marketing purposes.
- Rights in relation to automated decision making and profiling
Individuals have the right not to be subjects to automated decisions (which could include profiling) if this would significantly affect them. Unshakeable Salt does use this technology for the detection of security events, but we will never use automated decision making or profiling on personal data.
If you wish to exercise any of the above rights, please contact our Data Protection Officer via email:
David Pollard firstname.lastname@example.org
We aim to acknowledge every email to this inbox within 24 hours and if we haven’t sent a reply, please do call us using the number listed on your contract.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/